Vulnerability Details CVE-2010-2854
Multiple cross-site scripting (XSS) vulnerabilities in modfile.php in Event Horizon (EVH) 1.1.10, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) YourEmail and (2) VerificationNumber parameters, which are not properly handled in a forced SQL error message. NOTE: some of these details are obtained from third party information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.5%
CVSS Severity
CVSS v2 Score 2.6
References
Products affected by CVE-2010-2854
-
cpe:2.3:a:jared_meeker:event_horizon:1.1.10